Open k-t opened 1 year ago
Tagging subscribers to this area: @dotnet/area-system-directoryservices, @jay98014
See info in area-owners.md if you want to be subscribed.
| Author: | k-t |
|---|---|
| Assignees: | - |
| Labels: | `area-System.DirectoryServices` |
| Milestone: | - |
If that is the case we could have different implementations for each platform for that ServerErrorMessage method https://github.com/dotnet/runtime/blob/f516d02550e5f47d12b7d551b8b3dfcf33d8743a/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapSessionOptions.cs#L507
I see the LdapSessionOptions.cs is a partial class that already has Windows and Linux implementations
@k-t if you are interested, please feel free to put up a fix with corresponding test(s)
I also encountered this problem, is there any short-term solution?
Sorry, I'm not sure how to properly reopen an existing issue which was closed due to inactivity.
Basically, I have the same issue as in #70210.
I'm trying to handle the case where an Active Directory user enters correct credentials but his password was either reset or expired. I can rely on LdapException.ServerErrorMessage on Windows where it provides details like:
But on Linux this property is always empty. I can't rely on LdapException.ErrorCode since it always equals 49 (LDAP_INVALID_CREDENTIALS), which is expected.
I've checked both 7.0 and 8.0.0-preview.1.23110.8 versions of System.DirectoryServices.Protocols with the same result.
It seems that the issue stems from the usage of `LdapOption.LDAP_OPT_SERVER_ERROR` here even though it is mentioned it's not supported on Linux (here).
Replacing it with `LdapOption.LDAP_OPT_ERROR_STRING` allows getting the desired error message from Active Directory on Linux.
Would it be possible to use `LdapOption.LDAP_OPT_ERROR_STRING` in LdapSessionOptions for Linux? Or to add some other way to get that information if this change can break existing code for LDAP servers other than AD?
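The use case in the issue above (telling an expired or reset password apart from a plain bad bind) as an added example; it is not code from this thread or from dotnet/runtime. It assumes Active Directory's usual diagnostic text, in which a `data <hex>` field carries the Win32 logon error; the names `AdBindError`, `Classify` and `BindFailure` are hypothetical and the sample messages are constructed.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

public enum BindFailure
{
    Unknown, InvalidCredentials, PasswordExpired, MustChangePassword,
    AccountDisabled, AccountExpired, AccountLockedOut
}

// Hypothetical helper (not part of System.DirectoryServices.Protocols).
public static class AdBindError
{
    // Assumed AD diagnostic format: "... AcceptSecurityContext error, data <hex>, v...",
    // where <hex> is the Win32 logon error code.
    private static readonly Regex DataField =
        new Regex(@"\bdata\s+([0-9a-fA-F]+)\b", RegexOptions.CultureInvariant);

    // Pass LdapException.ErrorCode and LdapException.ServerErrorMessage.
    public static BindFailure Classify(int errorCode, string serverErrorMessage)
    {
        if (errorCode != 49) return BindFailure.Unknown;   // 49 = LDAP_INVALID_CREDENTIALS
        // Empty message (the Linux behaviour reported above): no sub-code to read,
        // so report the generic failure instead of guessing.
        if (string.IsNullOrWhiteSpace(serverErrorMessage)) return BindFailure.InvalidCredentials;
        Match m = DataField.Match(serverErrorMessage);
        if (!m.Success || !int.TryParse(m.Groups[1].Value, NumberStyles.HexNumber,
                                        CultureInfo.InvariantCulture, out int sub))
            return BindFailure.InvalidCredentials;
        return sub switch
        {
            0x532 => BindFailure.PasswordExpired,      // ERROR_PASSWORD_EXPIRED
            0x773 => BindFailure.MustChangePassword,   // ERROR_PASSWORD_MUST_CHANGE
            0x533 => BindFailure.AccountDisabled,      // ERROR_ACCOUNT_DISABLED
            0x701 => BindFailure.AccountExpired,       // ERROR_ACCOUNT_EXPIRED
            0x775 => BindFailure.AccountLockedOut,     // ERROR_ACCOUNT_LOCKED_OUT
            _     => BindFailure.InvalidCredentials,   // 0x52e and anything unrecognised
        };
    }

    public static void Main()
    {
        // Constructed sample messages; the DSID and version fields are placeholders.
        string expired = "80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 532, v0000";
        string reset   = "80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 773, v0000";
        Console.WriteLine(Classify(49, expired));
        Console.WriteLine(Classify(49, reset));
        Console.WriteLine(Classify(49, ""));
    }
}
```

Log the specific classification server-side; whether to show account state to the person at the login prompt is a separate decision for the application.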